Secunia Security Advisory - Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to the filename and the Content-Type header not being sufficiently validated before being displayed in the file download dialog. This can be exploited to spoof file types in the download dialog by passing specially crafted Content-Disposition and Content-Type headers containing dots and ASCII character code 160. Successful exploitation may result in users being tricked into executing a malicious file via the download dialog. The vulnerability has been confirmed on Opera 7.54 for Windows. Other versions may also be affected.
TITLE:
Opera Download Dialog Spoofing Vulnerability
SECUNIA ADVISORY ID:
SA12981
VERIFY ADVISORY:
http://secunia.com/advisories/12981/
CRITICAL:
Moderately critical
IMPACT:
Spoofing
WHERE:
From remote
SOFTWARE:
Opera 7.x
http://secunia.com/product/761/
DESCRIPTION:
Secunia Research has discovered a vulnerability in Opera, which can
be exploited by malicious people to trick users into executing
malicious files.
The vulnerability is caused due to the filename and the
"Content-Type" header not being sufficiently validated before being
displayed in the file download dialog. This can be exploited to spoof
file types in the download dialog by passing specially crafted
"Content-Disposition" and "Content-Type" headers containing dots and
ASCII character code 160.
Successful exploitation may result in users being tricked into
executing a malicious file via the download dialog.
The vulnerability has been confirmed on Opera 7.54 for Windows. Other
versions may also be affected.
SOLUTION:
Update to version 7.54u1.
http://www.opera.com/download/
PROVIDED AND/OR DISCOVERED BY:
Andreas Sandblad, Secunia Research.
ORIGINAL ADVISORY:
http://secunia.com/secunia_research/2004-19/advisory/
OTHER REFERENCES:
Vendor advisory:
http://www.opera.com/support/search/supsearch.dml?index=782
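Added example, not part of the Secunia advisory and not Opera's fix: a defensive check that a proxy, mail gateway or download UI could run over the "Content-Type" and "Content-Disposition" values before a filename or type is shown to a user. The advisory does not give the exact header layout, so the check only flags the two ingredients it names (character code 160, and dots, here limited to trailing dots and blanks as an assumption); the function names and the sample headers are constructed for illustration.

```python
import re

NBSP = "\xa0"  # the advisory's "ASCII character code 160" (Latin-1 no-break space)
# RFC 7230 token characters; a media type is token "/" token.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
MEDIA_TYPE_RE = re.compile(TOKEN + "/" + TOKEN)
# [ \t] instead of \s: in a str pattern \s would silently swallow NBSP.
FILENAME_RE = re.compile(r'filename[ \t]*=[ \t]*(?:"([^"]*)"|([^;]*))', re.I)


def extract_filename(content_disposition):
    """Return the raw filename parameter, untrimmed, or None if absent."""
    m = FILENAME_RE.search(content_disposition)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def inspect_download(content_type, content_disposition):
    """Return (findings, display_name) for one response's download headers."""
    findings = []
    if NBSP in content_type:
        findings.append("content-type: character code 160")
    media_type = content_type.split(";", 1)[0].strip(" \t")
    if not MEDIA_TYPE_RE.fullmatch(media_type):
        findings.append("content-type: not a type/subtype token pair")
    name = extract_filename(content_disposition)
    if name is None:
        return findings, None
    if NBSP in name:
        findings.append("filename: character code 160")
    if name != name.rstrip(" ." + NBSP):
        findings.append("filename: trailing dots or blanks")
    # Show NBSP as a visible marker so it cannot pass for padding in a dialog.
    return findings, name.replace(NBSP, "<A0>")


# Constructed sample headers (not taken from the advisory).
SAMPLES = [
    ("application/pdf", 'attachment; filename="report.pdf"'),
    ("application/vnd.ms-excel", "attachment; filename=q3.xls"),
    ("text/plain\xa0", 'attachment; filename="notes\xa0.txt."'),
]

if __name__ == "__main__":
    for ctype, cdisp in SAMPLES:
        print(inspect_download(ctype, cdisp))
```

Dots inside a media type (as in application/vnd.ms-excel) are legitimate token characters, so only character code 160 and non-token characters are flagged there.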